Cisco Anyconnect 2factor auth with texting possible?

SAM MUNZANI · ‎10-08-2019

Does Cisco ASA and Anyconnect support 2 factor authentication with text messaging? I saw documents about DUO but the customer is looking for text message option. 1st factor would be radius and 2nd factor a text message to pre-defined cell phone number.

Rahul Govindan · ‎10-08-2019

You can do this if you use DUO with LDAPS and set is as the secondary authentication server on the ASA. You will get 1 username and 2 password fields. For the second one, type the word "sms". This will send you a batch of SMS passcodes that you can use with the same prompt the next time you connect. I think this process is a little convoluted. It looks they have removed this from most of their recent documentation.

Marius Gunnerud · ‎10-08-2019

We use Azure MFA at one of our clients which synchronizes with AD and pulls mobile numbers from users objects in AD. The user logs in to AnyConnect with the AD user, ISE forwards the username password to Azure MFA which checks the login against AD, Azure MFA then sends an SMS with the OTP and the user types this in.

I am sure there are more providers out there that can do this also, you just need to pick the one that suits your environment and budget.

--
Please remember to select a correct answer and rate helpful posts